[size=large]Important stuff at the bottom of this post, even if you don't read the replies please read that.[/size]
PetersPark wrote:
I've been using mozilla persona as my only login authentication on my website and it worked out great. I think this is the way to go and with 2fa it would be even greater. (sure an ssh key would also be awesome)
Unfortunately Persona is shutting down, so we can't use that. It also requires client-side javascript which is something I wish to avoid.
snow wrote:
floattube wrote:
I think I would prefer passwords tbh. Just seems inconvenient to me. But it isn't my website and it isn't something that will drive me away.
This is pretty much my sentiment regarding the email login instead of passwords. I also don't like the only other options being to login with another account of mine. I don't want to link shit just so I can login, I'd rather just input a password. None of that facebook, steam, g+ or email bs.
Any social media logins would be optional alternatives.
Nodoudt wrote:
I gave the article a solid readthrough, and after the two or three times I went over it, the notion of e-mail security does seem like a novel idea, but perhaps one that needs to be fully fleshed-out in order to be implemented properly.
Personally, I feel that passwords provide a general level of security that should be suitable for most applications, and I certainly doubt that we have a wealth of valuable (albeit personal) information that is worth stealing. Of course, the e-mail system places less accountability on the website administration in the event of a breach, but the likelihood of that is very low in my opinion - especially for a small community such as this. It does seem exciting to adopt this new method of security, but I would at least advise some caution in doing so as it's still a fledgling concept.
The other point to mention is user experience.
Anyone who has ever used a forum is familiar with quickly typing in their username and password and jumping right into a thread - that's how it's always been. The familiarity and procedure of "logging in" would be the biggest hurdle to overcome. Most users might be hesitant to change over methods, but I'm sure they'd get used to it.
In all, this could be a great new way to protect Lewd's users, and the website is new enough that it can adopt the new system without too much of a fuss.
That being said, perhaps it would be best to issue a sitewide poll, and let them decide what they're more comfortable with.
First of all, protecting passwords in the case of a breach is actually not that hard: just use bcrypt. Crystal provides a really handy wrapper to manage passwords (Crypto::Bcrypt::Password), so I believe we can provide a very high level of password security even in the case of a breach. Second of all, I don't believe that removing passwords provides much more security, that would come through the use of 2fa.
tn5421 wrote:
I think you should just enable 2 factor authentication, personally. I, like most other users, use some kind of password manager and this would inconvenience the large majority of us should passwords not be allowed. I think that this would be fine as an opt-in or even an opt-out measure, though, as long as there were some way to not use it.
2fa is orthogonal to this email auth suggestion. 2fa is just that, a second factor, it should not be relied on to be the first and only source of authentication to log into a site. I believe password + 2fa would be much more effort to login with than email auth, and unless we turn off password reset for people with 2fa (we could do that!) it's no more secure.
Backlash wrote:
Melancholy wrote:
If we do add it, we will also have SSO options; like Farcebook, Steam, Google+, whatever.
Pls no.
I've always considered Lewd to be its own separate, insulated, self-sufficient community. While SSO options might bring more users to the forums, odds are that anyone who's actually, genuinely interested in the community would've taken the time to make an account.
Besides. While we've got plenty of users that made a dozen posts and fucked off elsewhere, the alternative would be infinitely worse. I'd really, really prefer if Lewd didn't go the way of Usenet.
I'm not too sure about this, you're saying that having SSO auth would mean that new users would find it "too easy" and we would get loads of users that make a few posts and go elsewhere? There's something to that, sure, making an account is an investment and people who make that investment are more likely to stay invested and stick around. However I don't think people making a few posts then leaving is especially a bad thing, and if their posts got any notifications they will get an email and might even come back!
PetersPark wrote:
snow wrote:
floattube wrote:
I think I would prefer passwords tbh. Just seems inconvenient to me. But it isn't my website and it isn't something that will drive me away.
This is pretty much my sentiment regarding the email login instead of passwords. I also don't like the only other options being to login with another account of mine. I don't want to link shit just so I can login, I'd rather just input a password. None of that facebook, steam, g+ or email bs.
Well your account is already tied to your email. While not impossible, it's pretty hard to tie your account to nothing else, without getting lots of spam.
I still don't really understand how this is any more inconvenient. We have to give our email anyways so for our first login it's just one step less. For any next login instead of opening your password manager you have to open your email client.
It probably is easier to implement this instead of proper password storage and as we have seen over and over again, this doesn't even seem to exist, since lots of websites got their password db breached.
It certainly would make sense to add a pub key. Even Facebook nowadays supports encrypted pgp mails.
I think the worst thing about it, is that we just aren't used to it.
Once again, password storage isn't an issue, most of these sites that got hacked are old and didn't use modern (or even best in their day) security practices. Bcrypt is amazingly expensive to calculate, and salted, so basically nearly impossible to crack if you choose the correct work factor. As always with password storage: just use bcrypt.
snow wrote:
PetersPark wrote:
snow wrote:
floattube wrote:
I think I would prefer passwords tbh. Just seems inconvenient to me. But it isn't my website and it isn't something that will drive me away.
This is pretty much my sentiment regarding the email login instead of passwords. I also don't like the only other options being to login with another account of mine. I don't want to link shit just so I can login, I'd rather just input a password. None of that facebook, steam, g+ or email bs.
Well your account is already tied to your email. While not impossible, it's pretty hard to tie your account to nothing else, without getting lots of spam.
I still don't really understand how this is any more inconvenient. We have to give our email anyways so for our first login it's just one step less. For any next login instead of opening your password manager you have to open your email client.
It probably is easier to implement this instead of proper password storage and as we have seen over and over again, this doesn't even seem to exist, since lots of websites got their password db breached.
It certainly would make sense to add a pub key. Even Facebook nowadays supports encrypted pgp mails.
I think the worst thing about it, is that we just aren't used to it.
I don't use a password manager, so an extra step is simply just annoying. I'm not against change, and I certainly will give the feature its fair shot despite my current feelings towards it. I just don't want to open my email every time I have to login, much like I don't want to open my phone every time I want to login to steam. Guess I'll get over it and complain under my breath, we'll see.
I've never said that we are definitely going to implement this authentication, so you might not have to complain under your breath after all.
It seems, from reading the responses in this thread, that the main issue people see with this login scheme is usability. And I'll agree with that, it can take more time to use than username and password, although less so if you use a password manager. When I was contemplating this idea, I made the assumption that logging into lewd is not a frequent operation, and for me it certainly isn't. I have logged into lewd maybe 5 times, ever. But lewd has quite a different demographic than most websites, so these assumptions might be invalid. The question "is this overhead worth it" depends on two things: how often you log in and what benefits it brings.
I have set up a strawpoll for how often you actually log into lewd, that is how often you type your password, not how often you use lewd. Please vote here:
As for the benefits, here they are:
Lewd doesn't have to store your password, it can't be leaked through us. (Unlikely anyway, see above.)
The problem of using passwords from other sites to try and login (to lewd) is gone.
You don't have to remember yet another password, or use a password manager (you are using different passwords for all your sites, right?)
Your mail provider should (please don't use yahoo) implement 2fa, good password security etc., so we don't have to.
You don't have to install a password manager on your phone and fuck with copying password from that just to login.
Once we have the data on how often people log into lewd, we should have a better idea on whether implementing this authentication pattern is worth it.
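The token flow this post sketches (mail the user a link, store no password) as an added example. This is not code from the lewd site or from this thread, and it is written in Python's standard library rather than the site's Crystal so it runs anywhere; the class name, the 15-minute link lifetime, the URL layout and the sample addresses are all assumptions. The security-relevant choices are the ones the thread argues for: the server keeps only a digest of each token (so a database dump is as useless as a dump of bcrypt hashes), each link works once, and it expires.

```python
import hashlib
import secrets
import time

# Assumed lifetime for an emailed login link; the thread gives no number.
TOKEN_TTL_SECONDS = 15 * 60


class EmailLoginTokens:
    """Issue and redeem single-use, time-limited email login tokens.

    Only a SHA-256 digest of each token is stored server side, so the
    plaintext in the emailed link never touches the database.
    """

    def __init__(self, now=time.time):
        self._now = now            # injectable clock, handy for tests
        self._pending = {}         # digest -> (email, expires_at)

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode("ascii")).hexdigest()

    def issue(self, email: str) -> str:
        """Create a token for `email` and return it for the outgoing mail.

        Any earlier unused link for the same address is revoked, so only
        the most recently sent link works.
        """
        email = email.strip().lower()
        self._pending = {d: v for d, v in self._pending.items() if v[0] != email}
        token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        self._pending[self._digest(token)] = (email, self._now() + TOKEN_TTL_SECONDS)
        return token                        # stored nowhere but the mail

    def redeem(self, token: str):
        """Return the email for a valid token and burn it; None otherwise.

        The lookup key is the digest of an unguessable 256-bit value, so a
        timing difference on the dict lookup gives an attacker nothing
        usable short of inverting SHA-256.
        """
        entry = self._pending.pop(self._digest(token), None)  # single use
        if entry is None:
            return None
        email, expires_at = entry
        if self._now() > expires_at:
            return None                     # stale link: burned, not accepted
        return email

    def purge_expired(self) -> int:
        """Drop links that were never clicked; returns how many were removed."""
        now = self._now()
        stale = [d for d, (_, exp) in self._pending.items() if now > exp]
        for d in stale:
            del self._pending[d]
        return len(stale)


def login_url(base: str, token: str) -> str:
    """Build the link that goes in the mail (the path is an assumption)."""
    return f"{base.rstrip('/')}/login/email?token={token}"


if __name__ == "__main__":
    store = EmailLoginTokens()
    t = store.issue("someone@example.org")  # constructed sample address
    print("mail this:", login_url("https://example.org", t))
    print("first click ->", store.redeem(t))
    print("second click ->", store.redeem(t))
```

Whatever actually sends the mail should also rate-limit `issue` per address and per client, otherwise the login form becomes a free mail-bombing tool; that part is outside this snippet.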